Posted by timothy on Thursday November 26, 2009 @08:15PM from the deep-pocket-inspection dept.

Shokaster writes "The Register reports that Virgin Media are to begin monitoring file sharing using a deep packet inspection system, CView, provided by Deltica, a BAE subsidiary. The trial will cover about 40% of customers, although those involved will not be informed. CView's deep packet inspection is the same technology that powered Phorm's advertising system. Initially Virgin Media's implementation will focus on music sharing and will inspect packets to determine whether the content is licensed or unlicensed, based on data provided by the record industry. Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."

a Man in the Middle can still proxy the key negotiation and access the plaintext.

But wouldn't this be illegal?
Let's leave aside P2P, in which you may or may not have the right to transfer particular copyright material (depending on the material, of course). If you protect your personal communications - in which copyright belongs to you - with a DRM scheme such as a non-trivial encryption, then decrypting it would be an unauthorized circumvention of that DRM. The mechanism used, whether brute-force or Man in the Middle, is merely a technical detail.

Well yeah but reading up [wikipedia.org] it seems that A person in the middle may establish two distinct Diffie–Hellman key exchanges, one with Alice and the other with Bob, effectively masquerading as Alice to Bob, and vice versa, allowing the attacker to decrypt (and read or store) then re-encrypt the messages passed between them. A pre-arranged certificate could be used to exclude the man in the middle but then the client may proceed with the negotiation anyway (to get their stuff) and the cert can be compromised if it is sent in the clear over the same link, i.e., by apt-get or similar.

Of course, then the fingerprints will be wrong. Granted, very few people check them but there are cases like you having a laptop locally and ssh stores the fingerprint. Then you take your laptop on a trip and suddenly ssh throws a nasty "this fingerprint doesn't match" because you're being MITM'd, or paranoid people verifying it via email or phone or obfuscated in the message - the last could be replaced, but then they'd have to have a perfect obfuscation search and replace, unlikely. So yeah, MITM works but

It can tell you that an eavesdropper is in the middle of the link, but this doesn't help you if you know your link is compromised by the company which operates it. In that case you can only look for alternatives or fall back to keys arranged over other channels.

How about some sort of signing system. The host can provide a signed file with payload info and a certificate, then the client can verify that it is from the actual host that you are connecting to. Any sort of public key system would work for this.
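The substitution described in the quoted Wikipedia passage, and the fingerprint mismatch the ssh comment above relies on, as an added example that is not code from any poster: a toy Diffie-Hellman run with and without an in-path proxy, followed by a known_hosts-style pin check that catches the substituted public value. The group parameters, the function names and the pinned-fingerprint model are assumptions for illustration only.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): 2**255 - 19 is prime, but this
# is not a vetted DH group. Real deployments use standardised groups or ECDH.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public) for one Diffie-Hellman party."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared(priv, peer_pub):
    """Derive a session key from our private value and the peer's public value."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).hexdigest()


def fingerprint(pub):
    """Short fingerprint of a public value, in the spirit of ssh host-key fingerprints."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]


def exchange(proxy):
    """Run an Alice<->Bob exchange. With proxy=True, an in-path party replaces
    both public values with its own, so each side negotiates with the proxy
    and the proxy holds both resulting session keys."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    result = {"bob_fp": fingerprint(b_pub)}  # what Bob's key really is
    if proxy:
        m_priv, m_pub = keypair()
        result["alice_key"] = shared(a_priv, m_pub)   # Alice thinks m_pub is Bob
        result["bob_key"] = shared(b_priv, m_pub)     # Bob thinks m_pub is Alice
        result["proxy_keys"] = (shared(m_priv, a_pub), shared(m_priv, b_pub))
        result["alice_sees_fp"] = fingerprint(m_pub)  # the substituted value
    else:
        result["alice_key"] = shared(a_priv, b_pub)
        result["bob_key"] = shared(b_priv, a_pub)
        result["proxy_keys"] = None
        result["alice_sees_fp"] = fingerprint(b_pub)
    return result


def pinned_check(known_fp, presented_fp):
    """known_hosts-style check: a fingerprint learned over another channel (an
    earlier session at home, a phone call, a signed file) must match what the
    current link presents. A mismatch is the warning ssh throws on the road."""
    return known_fp == presented_fp


if __name__ == "__main__":
    clean = exchange(proxy=False)
    print("clean exchange, keys agree:", clean["alice_key"] == clean["bob_key"])
    hijacked = exchange(proxy=True)
    print("proxied exchange, keys agree:", hijacked["alice_key"] == hijacked["bob_key"])
    print("pin check on proxied link:", pinned_check(hijacked["bob_fp"], hijacked["alice_sees_fp"]))
```

The clean run agrees on one key; the proxied run produces two keys, both known to the proxy, and the pin check fails because the presented fingerprint is the proxy's, not Bob's.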

From this point, you should already have a secure communication channel through the certificate to the server, and can join the "net of trust". Secure connections can then be negotiated by someone already in this net of trust, be it the server, or another client.

Unfortunately, it's not practical to keep the public keys of every single organisation on the planet you may wish to trust.

So instead, certificate authorities (a trusted third party) vouch that the public key you are being presented really is from who it claims to be.

Which is well and good but unless you have a certificate authority which only ever grants certificates to people who are not part of the ISP or the music industry, it's more or less useless for this purpose.

Well, you could use something like GPG. If the ISP really wants to devote the resources to tracking down and faking certificates for every single torrent file, then matching them to specific connections, then they probably have a lot more processing power than I would expect from an ISP

I've got a better idea. Have your legislators ensure they stay the hell out of your content. They aren't allowed to listen to your phone calls, why the hell should they be allowed to look at your data. Seriously... if they suspect people of committing a crime, they should get a warrant.

Any human rights documents from any western country (UK, US, Canada, etc) are quickly becoming no more than toilet paper.

The only way we have to stop them is to make it physically impossible for them to trample our rights. Encryption is one way we can stop this abuse of power. Laws only get us so far when "national security" is on the line.

> Any human rights documents from any western country (UK, US, Canada, etc) are quickly becoming no more than toilet paper.

Isn't that an interesting coincidence that they all became this way at (relatively) the same time? You'd think that the ones who don't become this way would enjoy a degree of economic and social prosperity that would give them quite a competitive edge against the other nations.

When are you guys going to wake up and realize that sovereign nations hardly exist anymore? If you want to

I fully agree. The rise of surveillance of telecommunications (of whatever method) in the West is getting a bit alarming. Ubiquitous encryption will become the standard I feel. We are moving towards a world where all new software, systems and protocols that get developed, will include encryption to a greater or lesser extent.

It started with the widespread logging and monitoring of all phone calls entering and leaving the US after 9/11 (this really irritates me as a non-American - that my calls TO America are getting logged and possibly intercepted). Since then though I feel that it is the UK that is becoming the worst offender. AU and NZ are still pretty much surveillance-free... although that's mostly a product of them being isolated and not having suffered a direct attack, rather than them having stricter protections against this kind of thing. I'm sure if there were an attack or threat there, there would be impetus to implement similar systems to the US/UK.

So yeah, I would urge everyone to use encryption in their daily lives as much as they can. Of course, most of us have nothing to hide in this respect, but it's really the ~principle~ of the thing that is at stake here, rather than an actual need to encrypt. If we make it technically or financially unfeasible to monitor communications en masse, then Governments will be more reluctant to do it, and will return to concentrating on tapping into only particular, suspected communications, by way of a proper warrant. Like they ~should~ be doing.

The more false-positives they measure, the more they can make the case for increasingly intrusive DPI which will inevitably include personally identifying users and meddling with their traffic if not disconnecting them.

It's nice to see the military industrial complex involved in the music industry's problem.

Only the RIAA is allowed to distribute music there will be no other source or at least that is looking like their plan.

I suggest a boycott during the 3rd Quarter: April 1, 2010 - June 30, 2010, and 4th Quarter: July 1, 2010 - September 30, 2010. Someone could set up a nice website, people could vote on a list of demands/consumer rights, and people could start an email/facebook campaign. A dent in the industry's profits might get these people's attention.

Look, the RIAA and their equivalents in other countries do not see losses in profit as "hey, we better do something different", no they say "PIRACY!!!11!1111!1!1" and use that to fuel more crap laws to extend copyright. Boycotts do not work. Even if indie records outsell RIAA records, the big labels would simply buy the smaller labels.

Don't worry. It'll all be throttled soon. I predict that anyone who wants to produce content will need a special business line.

To use VoIP, that'll be throttled, as will non-branded chat apps. Anything that will allow a telco-style grab for features. The most expensive will be the one which permits encryption for working from home... unless you're a big company who can afford a mutual kickback relationship with the telco.

The days of the free Internet are coming to an end. It'll be as dead as devoid

How about some peer-to-peer mechanism that bypasses the ISP's altogether?

Ok, that's at least half said in jest. But this whole matter, relative to the sheer astounding amount of information that passes between people, puts me in mind of trying to dig the sea out of a sand castle. The rough note is that we have to stay ahead of the bastards who try to limit the means of communication, or put a tap on it for control and money. The c

You don't want to replace the Internet, just add more mesh networks near the edges. If you can route packets entirely over the mesh, the ISP never sees them. If you route some of your packets over your line and some over the line coming from a neighbour with a different ISP, then neither ISP can carry out man in the middle attacks and neither can get much useful information from traffic analysis.

Not only that, those packets they're "inspecting" could be for anything. If you back up your Mac (including your music collection) to MobileMe, does it flag your file transfers as unauthorized filesharing? What about if you access your files over a VPN? What if you email your favourite music to your Gmail account so you can listen to it from work or on vacation? What if you upload them to your phone to use as a ringtone?

If they can tell what files I'm sending over an encrypted VPN link, then they have some impressive technology indeed.

At the risk of being branded a tinfoil-hat wearing nutcase, my employer used to use CIPE for a VPN between two offices. At the time I started, CIPE had already been discredited as being fundamentally insecure but nobody really thought it was going to be intercepted unless you had pissed off a government somewhere.

Then we had a problem. SIP traffic of any description going over that VPN link didn't make it across. (Kind of important when your employer produces SIP software).

Just 6 months after the announcement to monitor their network for illegal filesharers, Virgin Media has seen a dramatic decline in subscribers. 90% of their top tier customers (renting 20Mb/sec) have canceled their subscriptions. This figure is similar (82%) for their 10Mb/sec tier.

Furthermore, the cost of the controversial detection methods (Deep Packet Inspection) has meant that the company has had to increase monthly subscription costs across all tiers by 10-20%. This has seen a decline (albeit much smaller, at 47%) in their lowest tier of service.

Except the average schlub is probably illegally downloading movies or music. So when they find out that their internet company is going to stop them from doing it, they're going to react badly.
Piracy is very quickly becoming a mainstream phenomenon. It's not only "cool" to pirate stuff, it's practical and often expected.

Half the reason that sometimes nothing changes, is the people constantly repeating that, taking all belief of the possibility out of people. That again is half the strategy to keep people from rising up.

Because in the end, it's all in the mind. If ten million people want to rise up, but believe they are the only ones, then it will be much more unlikely that they really do it. But if ten people believe that they really can change th

> I'm a Virgin Media customer and I won't be leaving because they're
> still the cheapest deal for me.

Good service has a value all of its own.

There are several ISPs in the UK that have stated that they will never implement DPI; their services generally cost from 17 to 32 UKP per month with no throttling, no port-blocking and no IWF censorship. Is that *really* too much to pay?

Instead we see Virgin, BT and TalkTalk prospering with over 4 million customers each because they spend vast fortunes on adver

And where is the usenet server hosted? At the moment the *AA are interested in torrents and don't care much about usenet because relatively few people use it, but sooner or later they will go to the companies hosting these servers and sue them for the server logs which implicate you.

Well here's one Virgin cable customer (£30/month) that'll definitely be cancelling next week and specifying the reason for cancelling as deep packet inspection. Hopefully I won't be the only one with the sense to send that message.

Firstly, ADSL 2 has yet to see widespread rollout. If you're in a cabled area, they hold a nationwide monopoly over that cable and it's far and away the fastest option for Internet access.

Secondly, every time something like this is announced virtually every other ISP is not far behind. It's unlikely - nay, unthinkable - that the company flogging this to Virgin isn't trying to flog it to every other ISP and with the government seriously advocating

What about people who have some problem such as laggy connections and, not being too technically minded, make the jump in their minds to deep packet inspection being the hidden cause? Maybe deep packet inspection isn't even really slowing things down or glitching connections or whatever, but doesn't it sound like it would to the average person? What happens when these people think the real issue can be summed up as "This company is lying through their teeth to me", and not some technical explanation? So Vir

"Virgin Media executive director of broadband, Jon James, told ZDNet UK on Thursday that the trial will go live "within days". He added that the use of such traffic-monitoring technology was part of its distribution deal with media company Universal."
http://news.zdnet.co.uk/security/0,1000000189,39906062,00.htm [zdnet.co.uk]

So now I know what their engineers have been doing instead of upgrading the upstream infrastructure so that my 10Mbit connection can provide better than 500kbit with 33% packet loss. Trebles all round.

Excellent! I presume that Virgin Media have also built the infrastructure to comply with EU/UK privacy regulations?

Such as, e.g., a facility to allow *every* broadband customer to be informed of and if they so choose to view *all* the information being gathered about themselves, and allow *any* of this data to be edited for accuracy by the customer, and allow *all* of this data to be deleted from *all* their servers if the customer decides to end the contract with Virgin at any time, etc.

Moreover, I presume that Virgin Media have ensured that the nature of the data they do collect is technically necessary for the provision of their ISP service to each customer, and not simply a gratuitous and illegal collection of data that is requested for a completely independent purpose set out in a completely different contract with another entity, and to which the customer himself is not actually a party.

These are bad economic times, and it would be a pity if some idle British lawyer were to look a little too closely at this announcement...

This is what the banks have been doing for decades. They are happily giving details of your credit card transactions to a privately owned third party company that keeps this record about you and sells a digested report about you, popularly known as a credit rating, to interested other parties.

If you wish to see the information they collect about you, you have to pay money to them, and correcting wrong information about you (since it otherwise can ruin your life) is not easy or even possible either.

Frankly, I find it amazing that Usenet is still on anyone's radar. Even the alt.binaries groups. It's been a long time since I've found an ISP that includes a free usenet server. The reliable ones are the ones that you have to pay for, and honestly, if you're going to pay to pirate things, you're probably doing it wrong.

Here's a bit of a dilemma, they crack down on filesharing, yet run a free usenet server for their customers with alt.binaries included with 5 days retention.

Will they issue a takedown to themselves?

Due to the repeated issuance of takedown notices (by our own company but we're not telling you that) we regret that we have been forced to remove free access to alt.binaries. If you wish to use that service please subscribe to our new service - PayPerViewBinaries - for just 12.99 per month (well until we increase

I guess I'll fill in some space down here because slashdot will not likely let me post a subject-only comment, but seriously, what more needs to be said? I can't believe they are even saying that with a straight face. Governments barely have anyone or anything to answer to when they lie to people. Businesses like Virgin Media most certainly do not. The only thing that their bullshit proves is that they are aware of what the public response will be and that they are afraid of it at some level.

Ok. They're monitoring their customers for illegal file sharing, even going so far as to identify whether or not the copied material has been licensed by the copyright holders. Does this not make them guilty of contributory infringement? They are providing the networks which allow users to infringe copyright. They know that infringement is taking place via their deep packet inspection, down to the level of individual acts of infringement. Then they are destroying data which can identify infringers, but they continue to provide them with network service. How is this legal?

Yes, I think it's actually illegal, but for different reasons. From what I can tell this is exactly why the UK is facing legal proceedings from the EU over Phorm.

It's effectively a breach of the European Declaration of Human Rights which we are signatories to, specifically it is a clear breach of the right to privacy.

I think realistically this will end up in European courts. It won't end up in British courts or be looked into by the police here because they are merely puppets of the Labour government here which supports this as demonstrated by the new supreme court refusing to hear McKinnon, the refusal of investigations into Phorm even though it was blatantly illegal and so on.

Nowadays in Britain we have to rely on the European courts for any semblance of justice on these sorts of things, but on the upside they do generally rule in favour of the citizen on things like this where it is a clear breach of law. God knows where we as citizens of Britain would be if it weren't for Europe, I'd imagine it would resemble something like Germany circa 1937. In fact, there's a certain irony in that whole sentence, how times change eh?

It won't help much. Thanks to Bit Torrent, it's rather easy to identify file sharers; they connect to thousands of peers. You draft an AUP that states file sharing will not be tolerated. Then you use NTOP to identify potential file sharers. Finally, you redirect them to a web page explaining what they need to do if they want to get back online.

> The biggest hurdle for the content companies is that encrypted BT makes it almost impossible
> to see what people share between them. It's impossible to distinguish a bittorrent of a Linux ISO
> from your latest blockbuster. Disallowing filesharing altogether won't make an ISP that popular.

Except for the web page with the link to spiderman4-xvid-ROTFL.avi.torrent. Your ISP's DPI will be able to report if you clicked that link or not. Until both traffic AND searching are anonymised via onion routing, and

It is an evolutionary process. Browsers and http servers didn't all support HTTPS from the very beginning, but serious ones gradually accepted it as a critical part of the web infrastructure, and now you wouldn't dream to do ecommerce on HTTP. The same is slowly happening for other applications where secrecy and data integrity increasingly get to be seen as essential. Pretty much all serious torrent clients already support encryption, but they haven't switched off "legacy" support in their default configurat

I don't fully understand how BT works, but it seems that most people accept all peers, so does that mean they can use a modified BT client to connect to your system and get information irrespective of encryption?

Most clients use encryption by default, but will accept plaintext incoming connections, yes. It's fairly easy to configure your torrent client to only allow encrypted connections if you are feeling paranoid.

Deep packet inspection does not extend to joining swarms with a modified client. At least I'd hope not...

That will be a thrill to their business customers. I'm in Canada, and if Telus or Shaw started throttling encrypted traffic, we'd be well and truly screwed. DSL and cable uplink speeds suck enough already, but holy fuck, that would be bad.

For torrents, encrypting them to block this sort of thing would appear to be straightforward. Just include the encryption key in the *.torrent file itself. Make it a nice long randomly generated key using lots of bits with whatever freely available encryption algorithm is thought to be the most secure.

What sort of CPU overhead is needed for this kind of encryption processing, though? Would it add up to anything significant on modern 1 GHz+ multicore CPUs at the current data rates?

Those benchmarks are on a 3 year old CPU (single core only). Hence encryption is not a limiting factor for end users - instead, network bandwidth is the limiting factor. I'd argue that encryption isn't a limiting factor for mass data surveill

All public and private communications of all executives of companies in the UK valued at 500 million or more will be monitored for illegal, unethical, and undesired behaviour.

"If we had only known what certain Wall Street bankers had been up to the world could have avoided financial losses in the trillions. In a world of high speed communication and free flowing capital, the expectations of privacy have to be balanced against the interests of all stakeholders." said noted expert florescent_beige.